🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our Directory Traversal (Requesting wp-config.php) firewall rule

676,628

Attacks Blocked in Past 24 Hours

Showing 1-20 of 225 Vulnerabilities

BuddyPress 2.0 - 2.7.3 - Unauthenticated Arbitrary File Deletion

10.0

CVE ID Unknown

Dec 23, 2016

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

Dynamic Font Replacement DFR4WP EN <= 1.3 EN - Arbitrary File Deletion

9.8

CVE ID Unknown

Jul 12, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Admin Word Count Column <= 2.2 - Arbitrary File Read

9.8

CVE ID Unknown

Mar 27, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WordPress File Upload <= 4.12.2 - Directory Traversal to Remote Code Execution

9.8

CVE-2020-10564

Mar 13, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Advanced Access Manager <= 5.9.8.1 - Unauthenticated Arbitrary File Read

9.8

CVE ID Unknown

Sep 9, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WPS Child Theme Generator < 1.2 - Directory Traversal

9.8

CVE-2019-15822

Jul 23, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

微信群发助手-Wechat Broadcast <= 1.2.0 - Directory Traversal

9.8

CVE-2018-16283

Sep 19, 2018

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Media File Manager <= 1.4.2 - Directory Traversal to Arbitrary File Relocation

9.8

CVE-2018-19042

May 11, 2018

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Membership Simplified <= 1.58 - Arbitrary File Download

9.8

CVE-2017-1002008

Mar 13, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SE HTML5 Album Audio Player <= 1.1.0 - Directory Traversal

9.8

CVE-2015-4414

Jun 6, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

My Calendar <= 2.3.29 - Path Traversal to Remote Code Execution

9.8

CVE ID Unknown

May 15, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP < 4.29.5 - Arbitrary File Read/Deletion

9.8

CVE-2014-1907

Feb 27, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A Page Flip Book < 3.0 - Directory Traversal

9.8

CVE-2012-6652

Jul 10, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

wordTube <= 1.43 - Directory Traversal and File Inclusion

9.8

CVE-2007-2482

May 1, 2007

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.0.45 - Arbitrary File Deletion/Read

9.4

CVE ID Unknown

May 13, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Frontend File Manager Plugin <= 22.5 - Authenticated (Editor+) Directory Traversal

9.1

CVE-2023-5105

Nov 13, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read

9.1

CVE-2023-5414

Oct 11, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

OMGF <= 4.5.3 - Unauthenticated Path Traversal in REST API

9.1

CVE-2021-24638

Aug 23, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

WP Fastest Cache <= 0.8.9.5 - Directory Traversal

9.1

CVE-2019-13635

Jul 28, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Real3D Flipbook <= 1.0.0 - Directory Traversal

9.1

CVE-2016-10965

Jul 3, 2016

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
BuddyPress 2.0 - 2.7.3 - Unauthenticated Arbitrary File Deletion		10.0	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H	December 23, 2016
Dynamic Font Replacement DFR4WP EN <= 1.3 EN - Arbitrary File Deletion		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 12, 2022
Admin Word Count Column <= 2.2 - Arbitrary File Read		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 27, 2022
WordPress File Upload <= 4.12.2 - Directory Traversal to Remote Code Execution	CVE-2020-10564	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 13, 2020
Advanced Access Manager <= 5.9.8.1 - Unauthenticated Arbitrary File Read		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 9, 2019
WPS Child Theme Generator < 1.2 - Directory Traversal	CVE-2019-15822	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 23, 2019
微信群发助手-Wechat Broadcast <= 1.2.0 - Directory Traversal	CVE-2018-16283	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 19, 2018
Media File Manager <= 1.4.2 - Directory Traversal to Arbitrary File Relocation	CVE-2018-19042	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 11, 2018
Membership Simplified <= 1.58 - Arbitrary File Download	CVE-2017-1002008	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 13, 2017
SE HTML5 Album Audio Player <= 1.1.0 - Directory Traversal	CVE-2015-4414	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	June 6, 2015
My Calendar <= 2.3.29 - Path Traversal to Remote Code Execution		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 15, 2015
Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP < 4.29.5 - Arbitrary File Read/Deletion	CVE-2014-1907	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 27, 2014
A Page Flip Book < 3.0 - Directory Traversal	CVE-2012-6652	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 10, 2012
wordTube <= 1.43 - Directory Traversal and File Inclusion	CVE-2007-2482	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 1, 2007
Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.0.45 - Arbitrary File Deletion/Read		9.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L	May 13, 2019
Frontend File Manager Plugin <= 22.5 - Authenticated (Editor+) Directory Traversal	CVE-2023-5105	9.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	November 13, 2023
Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read	CVE-2023-5414	9.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	October 11, 2023
OMGF <= 4.5.3 - Unauthenticated Path Traversal in REST API	CVE-2021-24638	9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H	August 23, 2021
WP Fastest Cache <= 0.8.9.5 - Directory Traversal	CVE-2019-13635	9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N	July 28, 2019
Real3D Flipbook <= 1.0.0 - Directory Traversal	CVE-2016-10965	9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H	July 3, 2016

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation